
Is DeepSeek safe for your firm?
The DeepSeek app and API process your words on servers in China, so keep client work out. The same models run by a Western host are a different decision.
Whether DeepSeek is safe for your firm depends on which DeepSeek you mean. The consumer app and DeepSeek's own API process what you type on servers in China, so we would keep client work out of both.
The same models run by a Western host are a different and more defensible decision. That distinction is the whole answer, and almost nobody selling you an opinion on DeepSeek makes it. This piece is general information, not legal advice; where the questions bite your firm, take proper advice.
The pull is obvious. DeepSeek's models are capable and startlingly cheap, which is why a cost-conscious member of staff, or the supplier who builds your firm's tools, keeps suggesting them. The right response is not a reflex ban or a shrug. It is knowing which route to the model you are being offered, because the risk sits in the route, not in the model weights themselves.
One name, three different products
The first route is the consumer app and website. DeepSeek's own privacy policy says it stores what it collects on servers in the People's Republic of China, and what it collects includes your prompts, uploaded files and chat history. Chinese law can require organisations there to assist state authorities, which is why governments elsewhere reacted so sharply to the app.
Jurisdiction aside, ordinary operational failure applies too. In January 2025, researchers at Wiz found a DeepSeek database sitting open on the internet with no password, holding over a million log lines including chat history. DeepSeek locked it down promptly once told, but the people whose conversations sat in it were not asked either way.
The second route is DeepSeek's own API, the paid developer service. The business terms differ from the app, but the processing happens in the same jurisdiction. For a firm handling client information, the two routes answer the important questions the same way.
The third route is the one most commentary misses. DeepSeek publishes its models as open weights, meaning the model files themselves can be downloaded and run by anyone with the hardware. Microsoft hosts and sells DeepSeek models on Azure, and other clouds do the same.
Used that way, your prompts go to the host under the host's terms, and DeepSeek the company never sees them. The model is Chinese; the processing is not.
Four questions that decide whether a route is safe
Strip the brand name away and the decision gets easier. Judge an AI vendor by where your data is processed, what is logged, who can compel access to it, and whether your inputs train the model. Those four questions work for DeepSeek, and they work just as well for any tool a supplier proposes next quarter.
1. Where is the data processed? That means where the servers are, not where the company is famous. For the DeepSeek app and API, the answer is China. For the same model on Azure, the answer is Microsoft's infrastructure.
2. What is logged and kept? Prompts, files and chat history are records. The Wiz incident is what it looks like when those records leak.
3. Who can compel access to it? Every jurisdiction has some power to demand data; they differ in how broad it is and how much say the provider has. This is the question that separates the routes most sharply.
4. Do your inputs train the model? Consumer tiers of many AI tools use conversations for training unless told otherwise. Business contracts usually promise not to. Read the term, whichever vendor it is.
Picture the two ways this goes wrong in practice. A corporate finance team pastes deal terms into the app because the model reads a data room summary well. A recruiter pastes a candidate's CV to draft an approach. In both cases the sensitive information belongs to someone else, the client and the candidate, and it has just travelled to wherever the route sends it.
The takeaway sits in one comparison: the three routes to the same model answer the four questions very differently.
| Route | Where processed | Who can see or be compelled to give your data | Sensible use |
|---|---|---|---|
| DeepSeek app or website | Servers in China | DeepSeek, and authorities with legal reach over it | Nothing confidential, no client or personal data |
| DeepSeek's own API | Servers in China | DeepSeek, and authorities with legal reach over it | Same caution as the app |
| Open-weight model via a Western host | The host's infrastructure | The host, under its terms and jurisdiction | A workable option, judged like any other cloud supplier |
Is DeepSeek banned anywhere?
In a few places it is, at least in part. Italy's data protection regulator ordered an urgent halt to the DeepSeek companies' processing of Italian users' data in January 2025, and the app came off Italian app stores. Law firm Bird & Bird has a clear summary of the order. Australia and Taiwan barred it from government systems, and several US agencies did the same.
None of that binds a firm here. The UK has taken no equivalent step, and a foreign regulator's order is a signal worth reading, but it is not your rulebook.
What does reach you is the law you already work under. Sending personal data to a provider that processes it in China is an international transfer under UK GDPR. China has no adequacy decision, so the safeguards are your responsibility. Client confidentiality sits on top of all of it, whatever the tool.
So the honest UK position is unglamorous. Nothing forbids DeepSeek; everything you already owe your clients still applies to it. A firm that would not put client papers in an unvetted overseas filing service should apply the same instinct to an unvetted overseas AI service, and for the same reason.
Will DeepSeek still be there next quarter?
Continuity deserves one paragraph of your attention. Reuters reported in July that Beijing has been discussing curbs on overseas access to its top AI models, including open-weight releases. The discussions are explicitly unsettled, with no decision and no timeline. Separately, DeepSeek retires its legacy API model names on 24 July, and the model behind those names already changed once this spring without the names changing.
Neither is a reason to panic, and the open weights already published cannot be un-published. Both are reasons to treat this vendor the way a continuity plan treats any vendor: assume the deal can change and know what you would do next.
What we would advise your firm to do
Keep client and personal data out of the DeepSeek app and the direct API. That is the same standing rule we give on consumer chatbots generally, with an added jurisdiction reason here. Cheap is a price, not a safety rating.
If the economics genuinely matter, and at DeepSeek's prices they might, take the open-weight models through a host you can answer for, on business terms you have actually read. Judge that host with the same four questions. Then write the decision down in your firm's AI policy, naming which routes are permitted and for what work.
Spare a thought for the person who suggested DeepSeek in the first place. They were usually trying to do their job faster with the budget they have, and a flat ban with no alternative teaches them to stop asking. Give them a sanctioned route and the next suggestion arrives through the front door.
Working out which routes to sanction, and how to explain them to a team, is exactly the sort of judgement call we work through with leaders in AI Lessons for Leaders.
Common questions
Is DeepSeek banned in the UK?
No. The UK has not banned DeepSeek or restricted it for private firms. Italy's regulator ordered a halt to processing of Italian users' data, and some governments bar it from official systems, but no equivalent UK step exists. UK firms still owe their normal data protection and confidentiality duties when using it.
Is using DeepSeek through Azure or AWS different from using the app?
Yes, materially. The app sends your prompts to DeepSeek's servers in China. The same open-weight models hosted by Microsoft or another Western cloud process your prompts on the host's infrastructure under the host's terms. The questions to ask are the ones you would ask of any cloud supplier.
Where does the DeepSeek app store its data?
DeepSeek's privacy policy states that collected information, including prompts, uploaded files and chat history, is stored on servers in the People's Republic of China. That is the company's own published position rather than a critic's claim.
The next step costs an hour. List where DeepSeek, or any cheap model, already reaches your firm through staff and suppliers. Decide which of the three routes you will permit, and put the decision in writing. If you want a second pair of eyes on it, book a discovery call or start with our overview for legal and risk-aware professional services.